
2026

Safeguarding SAML Assertions with SAML Token Encryption


Continuing on the topic of SAML from last week's article, another interesting topic worth exploring is SAML Token Encryption. In most cases during an SSO setup or an SSO application migration from one identity provider to another, you likely won't come across a case where token encryption is required. However, without a proper understanding of what it is or how to set it up, you may find yourself troubleshooting an issue that has a relatively simple solution.


Digging in to SAML Attributes


One of the common projects I'm often engaged in is Single Sign-On migrations from a previous IdP to Microsoft Entra. Typically these projects are pretty structured. Do some planning to determine which apps need to be moved, prestage applications in the environment, start coordinating with Application Owners on requirements around configuration and claims, and then cut over the application at a predetermined time. Other than the sometimes painful work of communicating and coordinating with App Owners to discuss configuration and figure out if a Vendor has to get involved, attributes and claims are an easy thing to get wrong. It's easy to sidestep attributes when learning about SAML and not spend any time thinking about what each claim is and how it's used, but then I feel like you're left with an incomplete view of how SAML actually works. This post is my attempt to grapple with them just a little bit more intentionally.


Welcome to Atomic Entra!


When I initially started this blog, I was not always completely sure what I wanted to talk about. I was earlier in my career, moving through personal and professional change, and interested in nearly every corner of the Microsoft cloud ecosystem. At the time, a lot of my day-to-day work lived around Microsoft Sentinel and Microsoft XDR, so that naturally shaped what I wrote about.

Last year, after moving into a consulting role and getting re-exposed to the broader Microsoft cloud landscape, identity became the topic I could not ignore. Between the pace of change in identity security and the explosion of agentic AI, identity keeps becoming more central to how organizations protect access, make decisions, and manage risk.